Mirrored_Repos/invidious
1
0
Fork 0
mirror of https://github.com/iv-org/invidious.git synced 2024-09-19 17:11:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Validate id, avoid db call if not needed

Browse Source
This commit is contained in:
Brahim Hadriche 2023-03-02 14:47:14 -05:00
parent 8c0efb3ea9
commit 38f6d08be6
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/invidious/routes/api/v1/authenticated.cr
View File

@ -82,7 +82,7 @@ module Invidious::Routes::API::V1::Authenticated
end
id = env.params.url["id"]?.try &.as(String)
if !id
if !id.match(/[a-zA-Z0-9_-]{11}/)
return error_json(400, "Invalid video id.")
end
@ -93,6 +93,10 @@ module Invidious::Routes::API::V1::Authenticated
def self.mark_unwatched(env)
user = env.get("user").as(User)
if !user.preferences.watch_history
return error_json(409, "Watch history is disabled in preferences.")
end
id = env.params.url["id"]?.try &.as(String)
if !id.match(/[a-zA-Z0-9_-]{11}/)
return error_json(400, "Invalid video id.")